There a lot's of different ways to protect your linux server (apache httpd processes) in a way that if a domain is compromised, all other domains will remain unaffected, and protect the server for unauthorized access as well.
System file protectionUse mod_security to confine all apache vhosts to a specific subdirectory i.e. /var/www/vhosts/
Domain protection
Replace apache worker with apache2-mpm-itk or mod-ruid.
System File and Domain protection in the same time
Use apparmor changehat for each domain.(not yet implemented I am afraid)
The first two methods are somewhat easy to implement, and I will try to do my best in laying out some easy instructions to help you apply them to your system.
stay tuned more to come.
No comments:
Post a Comment